Vancouver Winter Olympics tweets can direct you to malware

Beware of tweets bearing promises of Olympics footage. You may be getting malware instead.

As the 2010 Vancouver Winter Olympics kicked off yesterday, Twitter messages bearing short links to Olympics news started appearing from an account called gamesvancouver, according to security firm Zscaler Research.

The tweets have a shortened URL that promises footage of the opening ceremonies but instead directs users to a page that presents a false mirror of the official page. The domain name has a slight misspelling, replacing a “u” for an “n” in the vancouver2010.com domain name.

Like any big event, the Olympics are in drawing social engineers who hope to trick people into downloading malware. In this case, the victim is tricked into downloading a fake codec for Adobe’s Flash software, which the site says you have to have to view the a video. But the download installs a Windows executable file with a Trojan/Downloader.

Zscaler says the malicious file is currently detected by only 11 of 41 antivirus software programs. The site looks authentic, so it’s likely a reasonable number of people will fall for the trick, Zscaler says.